SOC 1 examines internal controls over financial reporting, while SOC 2 looks at controls based on AICPA’s trust principles, which include security, availability, processing integrity, confidentiality, and privacy. Type 2 reports evaluate operational efficacy.
